JSON Output Format Loses Information #104

Open
Brumstar opened this issue Mar 31, 2021 · 3 comments

@Brumstar

When using checksec.py to output to JSON format, the output does not show the same level of detail as the rich output formatter. Specifically, the HighEntropyVA and SafeSEH results for a binary will default to True or False and not "/" as in the rich output formatter. The same checks to determine the architecture and determine whether these flags should be implemented on the JSON formatter.

@Wenzel
Owner

Wenzel commented Aug 26, 2021

Indeed,
however, adding this information in JSON means that we switch from boolean values to strings that have to be interpreted.

If you have a good suggestion to implement your idea, feel free to submit it here

@Brumstar
Author

Writing a little snippet in the output formatter would be good, such as this for PE files, and expand to ELF

```python
def add_checksec_result(self, filepath: Path, checksec: Union[ELFChecksecData, PEChecksecData]):
    if isinstance(checksec, ELFChecksecData):
        # ELF results are emitted unchanged
        self.data[str(filepath.resolve())] = {
            "relro": checksec.relro.name,
            "canary": checksec.canary,
            "nx": checksec.nx,
            "pie": checksec.pie.name,
            "rpath": checksec.rpath,
            "runpath": checksec.runpath,
            "symbols": checksec.symbols,
            "fortify_source": checksec.fortify_source,
            "fortified": checksec.fortified,
            "fortify-able": checksec.fortifiable,
            "fortify_score": checksec.fortify_score,
        }
    elif isinstance(checksec, PEChecksecData):
        # HighEntropyVA is reported as "N/A" for I386 images,
        # SafeSEH is reported as "N/A" for every other machine type
        if checksec.machine == MACHINE_TYPES.I386:
            heva = "N/A"
            sseh = checksec.safe_seh
        else:
            heva = checksec.high_entropy_va
            sseh = "N/A"

        self.data[str(filepath.resolve())] = {
            "nx": checksec.nx,
            "canary": checksec.canary,
            "aslr": checksec.aslr,
            "dynamic_base": checksec.dynamic_base,
            "high_entropy_va": heva,
            "isolation": checksec.isolation,
            "seh": checksec.seh,
            "safe_seh": sseh,
            "authenticode": checksec.authenticode,
            "guard_cf": checksec.guard_cf,
            "force_integrity": checksec.force_integrity,
        }
    else:
        raise NotImplementedError
```

@Artoria2e5

Artoria2e5 commented Mar 15, 2023

Just make has_safe_seh an Optional[bool] instead to account for the 64-bit / case. When you make it JSON you stuff in "null".
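
The `Optional[bool]` approach suggested in the last comment, as an added example that is not part of the thread or of checksec.py's code: the flag that does not apply to the architecture is stored as `None` and serialised as `null`, and a consumer counts a mitigation as missing only when the value is exactly `false`. `PEResult`, `build_result`, `to_json`, `missing_mitigations` and the sample paths are hypothetical names constructed for the illustration.

```python
import json
from dataclasses import asdict, dataclass
from typing import Dict, List, Optional


@dataclass
class PEResult:
    """Hypothetical stand-in for a PE result record, not checksec.py's own class."""
    nx: bool
    dynamic_base: bool
    high_entropy_va: Optional[bool]  # None: not applicable (32-bit image)
    safe_seh: Optional[bool]         # None: not applicable (64-bit image)


def build_result(is_64bit: bool, nx: bool, dynamic_base: bool,
                 high_entropy_va: bool, safe_seh: bool) -> PEResult:
    """Blank out the flag that has no meaning for this architecture."""
    return PEResult(
        nx=nx,
        dynamic_base=dynamic_base,
        high_entropy_va=high_entropy_va if is_64bit else None,
        safe_seh=None if is_64bit else safe_seh,
    )


def to_json(results: Dict[str, PEResult]) -> str:
    """json.dumps writes None as null, so applicable fields stay real booleans."""
    return json.dumps({path: asdict(r) for path, r in results.items()}, indent=2)


def missing_mitigations(report_json: str) -> Dict[str, List[str]]:
    """Consumer side: flag only checks that apply and are off (`is False`, not falsy)."""
    findings = {}
    for path, checks in json.loads(report_json).items():
        off = sorted(name for name, value in checks.items() if value is False)
        if off:
            findings[path] = off
    return findings


# Constructed sample inputs: raw flag values as a scanner might read them.
SAMPLE = {
    "C:/samples/app32.exe": build_result(False, True, True, False, True),
    "C:/samples/app64.exe": build_result(True, True, True, True, False),
    "C:/samples/old64.exe": build_result(True, False, True, False, False),
}

if __name__ == "__main__":
    report = to_json(SAMPLE)
    print(report)
    print(missing_mitigations(report))
```

A consumer that tests `not value` instead of `value is False` would report SafeSEH as missing on every 64-bit binary, which is the false positive the `null` encoding avoids.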
